The researchers will also release new techniques that use search engines to identify security vulnerabilities in software and to pinpoint malicious websites hosting malware. Building on their previous research and tools introduced over the last two years, Brown and Ragan have built the industry's largest database of search engine-exposed security vulnerabilities and threats and will propose updates to their existing base of open source intelligence-gathering tools.

The tools and research, which Brown and Ragan have named "Search Diggity," will be introduced in
a talk at the DEF CON 20
security conference in Las Vegas July 26-29.

"We've used these tools to find hundreds of vulnerabilities in our clients' environments that they would not otherwise have known about," said Brown, a managing partner at Stach & Liu, which provides security consulting and testing services for large enterprises. "Search engines like Google and Bing have the ability to expose an incredible amount of sensitive information and vulnerability data, and we believe it's essential for enterprises to identify those weaknesses before the bad guys do. That's why we're releasing these tools at DEF CON, and making them available for free."

Among the tools that the researchers will unveil at DEF CON:

CloudDiggity Data Mining Tool Suite - Allows security professionals to download information mined from the Internet and quickly search it for sensitive data that may be vulnerable, such as Social Security numbers, credit card numbers, and passwords.